apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: authentik-https-app-route
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: authentik-https-app-route
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: network
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: cilium-tls-gateway
      namespace: cilium
      sectionName: https
  hostnames:
    - auth.alexlebens.net
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
    - backendRefs:
        - group: ''
          kind: Service
          name: authentik-server
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: authentik-http-redirect
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: authentik-http-redirect
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    app.kubernetes.io/component: network
    app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
  parentRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: cilium-tls-gateway
      namespace: cilium
      sectionName: http
  hostnames:
    - auth.alexlebens.net
  rules:
    - filters:
        - requestRedirect:
            scheme: https
            statusCode: 301
          type: RequestRedirect
      matches:
        - path:
            type: PathPrefix
            value: /